 August 31, 2009  Posted by  Breaches, Business, Non-U.S., Surveillance, Workplace

The Privacy and Information Security Law Blog reports that earlier this month,

the state DPA in North Rhine-Westphalia fined a subsidiary of the discount supermarket chain Lidl € 36,000 (approximately $51,000) for illegally keeping records of employee health data.

To compound the employee privacy breach with a security breach, it seems that the case was triggered by a report in the German news magazine Der Spiegel after someone found papers and forms containing Lidl employees’ health data in a trash bin at a car wash.

Subsequent investigations revealed that at least four Lidl branches in North Rhine-Westphalia were using a form to record data about employees’ medical conditions, partly without their knowledge. This activity was found to violate data protection law in many cases.
